How do I install a system-wide SSL certificate on openSUSE?


Solution 1

As already mentioned, SUSE supports ca-certificates starting with openSUSE 13.1 / SLES 12.

The difference from Debian/Ubuntu is the directory for your certificates. The SLES man page for update-ca-certificates lists these directories:

FILES
   /usr/share/pki/trust/anchors
          Directory of CA certificate trust anchors.

   /usr/share/pki/trust/blacklist
          Directory of blacklisted CA certificates

   /etc/pki/trust/anchors
          Directory of CA certificate trust anchors for use by the admin

   /etc/pki/trust/blacklist
          Directory of blacklisted CA certificates for use by the admin

The openSUSE package mentions these:

- Packages are expected to install their CA certificates in 
  /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) instead
  of /usr/share/ca-certificates/<vendor> now. The anchors subdirectory is for
  regular pem files, the directory one above for pem files in
  openssl's 'trusted' format.
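
The following is an added example, not part of the answer above: it installs a PEM file into the admin anchors directory from the man page and then rebuilds the bundles with update-ca-certificates. The function names `cert_fingerprint` and `install_anchor`, and the SHA-256 fingerprint comparison before installing, are assumptions introduced for this sketch, since a trust anchor is honoured by every TLS client on the host.

```bash
#!/bin/bash
# Added example (function names are hypothetical, not from the answers).
# The default directory is the admin anchors directory quoted from the man page.

# cert_fingerprint FILE -> SHA-256 fingerprint as lowercase hex without colons;
# prints nothing if FILE is not a parseable PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# install_anchor FILE EXPECTED_SHA256 [ANCHOR_DIR]
# EXPECTED_SHA256 should come from a channel other than the download itself.
# Returns 0 on install, 1 if FILE is not a certificate, 2 on fingerprint
# mismatch, 3 if the copy fails.
install_anchor() {
    local cert="$1" expected="$2" dir="${3:-/etc/pki/trust/anchors}"
    local actual
    actual=$(cert_fingerprint "$cert")
    if [ -z "$actual" ]; then
        echo "rejected: $cert is not a readable PEM certificate" >&2
        return 1
    fi
    # Normalise the expected value the same way as the computed one.
    expected=$(printf '%s' "$expected" | tr -d ': ' | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "rejected: fingerprint $actual does not match the expected value" >&2
        return 2
    fi
    # Show what is about to become trusted system-wide.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate
    install -m 0644 "$cert" "$dir/$(basename "$cert")" || return 3
    # Rebuild the bundles only when writing to the real system directory.
    if [ "$dir" = /etc/pki/trust/anchors ] &&
       command -v update-ca-certificates >/dev/null 2>&1; then
        update-ca-certificates
    fi
}

# Typical use, as root (file name and fingerprint are placeholders):
#   install_anchor ./server-ca.pem "<sha256 fingerprint obtained out of band>"
```
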

Solution 2

I would take a look for a package called ca-certificates (that's the name it goes by on Red Hat distros). All of the main distros bundle certificates and they're generally in the same location.

Since SuSE uses RPM packages as well, I'd guess you could do a query like this to find the name of the package that provides certificates:

$ rpm -aq | grep -i cert
ca-certificates-2010.63-3.el6_1.5.noarch

With the name of this package I can then rpm -qi <package name> to find out more info about it:

$ rpm -qi ca-certificates-2010.63-3.el6_1.5.noarch
Name        : ca-certificates              Relocations: (not relocatable)
Version     : 2010.63                           Vendor: CentOS
Release     : 3.el6_1.5                     Build Date: Fri 23 Sep 2011 03:39:46 PM EDT
Install Date: Sat 15 Dec 2012 02:34:14 PM EST      Build Host: c6b5.bsys.dev.centos.org
Group       : System Environment/Base       Source RPM: ca-certificates-2010.63-3.el6_1.5.src.rpm
Size        : 1353134                          License: Public Domain
Signature   : RSA/SHA1, Mon 26 Sep 2011 12:17:03 AM EDT, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.mozilla.org/
Summary     : The Mozilla CA root certificate bundle
Description :
This package contains the set of CA certificates chosen by the
Mozilla Foundation for use with the Internet PKI.

This command will list its contents:

$ rpm -ql ca-certificates-2010.63-3.el6_1.5.noarch
/etc/pki/java
/etc/pki/java/cacerts
/etc/pki/tls
/etc/pki/tls/cert.pem
/etc/pki/tls/certs
/etc/pki/tls/certs/ca-bundle.crt
/etc/pki/tls/certs/ca-bundle.trust.crt
/etc/ssl
/etc/ssl/certs

This last command will show you where the certificates are getting stored.

YaST

If you don't want to do this manually, I believe you can use YaST to add CA certificates as well. Here's a tutorial titled "Chapter 15. Managing X.509 Certification" that should guide you through that process.

Solution 3

I installed:

ca-certificates-cacert
ca-certificates-mozilla

and it solved the issue.


Author: Oin

Updated on September 18, 2022

Comments

  • Oin
    Oin over 1 year

    I have a PEM certificate that I just downloaded from a webserver. I want to install it system-wide so I can curl the server without it complaining about a missing certificate.

    I tried putting the file in /etc/ssl/certs, but nothing happened.

  • To1ne
    To1ne almost 10 years
    On openSUSE you should copy to /usr/share/ca-certificates instead of /usr/local/share/ca-certificates.
  • david.perez
    david.perez almost 8 years
    On OpenSUSE Leap 42.1 I've found: /usr/lib/ca-certificates
  • ismailarilik
    ismailarilik over 7 years
    ca-certficates-mozilla should be ca-certificates-mozilla.
  • dannysauer
    dannysauer over 5 years
    The listed package search command only searches installed packages, not available (SUSE users will have better luck using zypper -n search cert to find packages). And listing the contents of the package does not tell you what the directories the package creates are for, just that they exist. The documentation linked to, when it existed (I'll fix the link in a sec), provides instructions on how to create a new CA, not manage imported CAs. All that said, this is not really a "bad" answer, as it provides good "how I'd figure this out" steps; it just does not belong as the top answer.
  • wisbucky
    wisbucky almost 5 years
    Then run sudo update-ca-certificates afterwards.